virus klez

n/a

I Read some posts on this Virus,, Go to quickheal.com, and they explain how to rid yourself of this virus,, however the only way to really get rid of it is a complete recovery of your computer..as most virus protectors simply Isolate the infected file,, do not back up these files before a recovery or you will put the virus right back in..

LR

kimberkid

Ok, I don't know what happened, but someone sent me this virus, with a title line of "Windows ME Step By Step" and it wanted to open automatically, however my Outlook Express set up to ask if I want to open ... being suspisious of the virus I clicked cancel and delete ... I just got a message from MSN that it was detected in my outgoing mail and deleted it. (why they couldn't detect/delete it on its way in, I wish I knew!

Anyway, I don't see any difference in the way my system is running ... what is this virus supposed to do? I do have several files with the extension ".pif" which is supposed to the same extension that this virus uses. I went to quickheal.com and didn't really understand what damage it was supposed to do, I'm following the removal procedure anyway and using my back-up computer in the meantime ... Do I have it or not?

BTW, I've also gotten several blank emails to my GunBroker address ... is this the same virus coming from another source?

=================================
Sometimes the most obvious, is the most elusive!kimberkid@gunbroker.zzn.com

offeror

I was a big McAfee fan until I walked into my local best computer techie store yesterday and a guy told me it was junk, that there are viruses created specifically for people who use McAfee. He wasn't familiar with Fix-It, which I've also used, but I found Fix-It utilities were putting my computer stability in question, so I finally deleted it and am now officially a Norton AntiVirus user -- for the moment. I ran a scan last night and it found two new .html files which supposedly had a virus. I quarantined them, after which you can open the quarantine utility and delete the files. The last virus update I got from my provider had 215 new viruses in it, so trying to defeat them one at a time is a losing game. Just get good virus software, run the autoscanner in the background, always download the new virus library updates, and run a scan on your computer regularly, once every week or two.

-- Life NRA Member
If dishonorable men shoot unarmed men with army guns, the evil must be prevented by the penitentiary and not by general deprivation of constitutional privilege." - Arkansas Supreme Court, 1878

will270win

Supposedly if you will place !000 as you first address in yer book then viruses can't send themselves out or something. Something to do with if it can't get past the first one, it quits or is stuck on that one indefinitely. Can anyone confirm this?


~Secret Select Society Of Suave Stylish Smoking Jackets~

idsman75

The Klez virus was designed to disable Norton Anti-Virus too. It nuked my Norton and it nuked my McAffee. I downloaded an antidote and it completely jacked up my computer. Now the computer won't respond after the desktop comes up. There is no pointer and I can't even get it to respond with key-strokes. Here's a REALLY dumb question. How do you format a hard drive?

SSG idsman75, U.S. ARMY

kimberkid

will270win,
I have that in my address book, actually I have !000i with no address, but according to MSN, my "I" sent some emails with the virus ...

I ran the killklez program from quickheal.com, and according to that there was no virus found ???

As I said, I've not noticed any difference in my computer and the email that I'm 99.99% sure it came in, I deleted without opening ... guess I wont worry about it ... till something crashes ... at least I have a back-up (read old 266 pentimum computer that wasn't worth the trouble of selling ... but it still works)

idsman75,
Most likely the only thing you can do is shut your system down, insert the recovery disc that should have came with the unit and power it up ... it will wipe out everything you had on it, back to to the original configuration ... or take it to a computer tech and see what they say!

=================================
Sometimes the most obvious, is the most elusive!kimberkid@gunbroker.zzn.com

Edited by - kimberkid on 05/01/2002 19:23:21

idsman75

Ohhhhhhhh that's what that recovery disk was for. And to think it worked so well in the clay pigeon thrower.

SSG idsman75, U.S. ARMY

Tailgunner1954

The 000! address sits as the first name in your addy book, which is OK if the virus starts at the begining, however the newer virus's pick names at random.

---

Some guys like a mag full of lead, I still prefer one round to the head.

concealedG36

Here's the way to deal with these problems guys:

1) Run a good anti-virus software, I use Norton 2002 and I have not yet gotten any viruses (despite the fact that others networks that I connect to have). Frequently update the definition files, this will allow the software to detect and remove the latest viruses/worms and Trojans. And, make sure it is configured to automatically get updates. Run a full system scan at least once every 2-3 weeks.

2) Run a software firewall like Tiny Personal Firewall. It can be found on http://www.download.com Configure it to ask you before allowing traffic in or out of your system. That way, your system won't be up/downloading data without your permission. You can create "rules" to allow or disallow frequently occurring events so that you don't have to get asked every time (like when connecting to the Internet).

3) If you have already been infected, try going to http://sarc.com This site offers several patches and sets of instructions to remove virus/worm/Trojan infections from your systems. Usually, if they can not fix your computer they will tell you what you need to do to fix the problem. They also provide detailed information on virus hoaxes and new threats.

4) To prevent future infection do not open e-mail attachments unless you know who they came from and what they are. I actually block several attachments from even entering my clients' sites. Files with the extension (what comes after the period, such as example.exe) exe, bat, pif, scr, cab, vbs, and com are the most common types used to disseminate viruses. To date, it is still reasonably safe to open image and music files such as those with the extensions jpg, bmp, gif, mp3 and wav.

5) If you are running Microsoft Windows, go to http://www.windowsupdate.com and download/install ALL available critical updates. The other updates are available should you choose to download them.

6) If you must reformat your system be sure that you have the necessary software on CD or floppy disk before you proceed. If not, you'll be all done. You'll at least need a copy of the Operating System disk (such as Windows 98, etc.). If you have a non-infected system (if not borrow one from a friend or the library) go to the Control Panel and the Add Remove Programs applet. Select Windows Startup Disk, create one onto a floppy disk. Then, go to Start and Find and find a file called format and one called fdisk. Copy each of these to the floppy.

Then, to reformat/reload your computer turn off your infected computer and insert the floppy. Most systems are designed to boot up from a floppy first, so your system should read the disk. If it asks you if you want to enable CD ROM support say no. Then, making sure that the prompt says A:\, type in this "format c:". You will be asked if you want to format, say yes. Then, when it is done it will ask for a volume label, you can type in a name for your disk or leave it blank. Then, restart your system leaving the flopppy in. Then, when the system boots back up and asks if you want to enable CD support say yes.

Type the following:

cd c:

when the C:\ prompt appears type this:

md windows (hit enter)
cd windows (hit enter)
md options (hit enter)
cd options (hit enter)
md cabs (hit enter)

Then, making sure your Windows Operating System disk is inserted in the CD ROM type in:

copy e:\win98 c:\windows\options\cabs
*this assumes your CD is now E:\, you may have to try d: or F:

finally, once the copying is done, type in "setup" and the Windows reinstallation will begin.

If any of you guys need help just post a reply here...

Good luck,
G36

Gun Control Disarms Victims, NOT Criminals

offeror

I was able to download the little patch for this virus. All you have to do is first turn off "Windows Restore" in your System Performance control panel settings, then restart your computer while holding down the Control key so that you can start up the computer in Safe Mode. Then run the patch, which searches your drives. Then restart, and turn Windows Restore back on. I came up clean for the virus. So far, so good....

-- Life NRA Member
If dishonorable men shoot unarmed men with army guns, the evil must be prevented by the penitentiary and not by general deprivation of constitutional privilege." - Arkansas Supreme Court, 1878

idsman75

G36--Norton didn't stop the Klez that got my system on Tuesday. I had just updated it online on Sunday. The "Klez" nuked Norton and wouldn't allow me to load McAffee. I fixed it last night (thanks to Bullzeye's advice) and now it's up and running better than ever. McAffee is installed and am running VirusScan and Guardian and Firewall.

SSG idsman75, U.S. ARMY

Miss. Creant

My new Norton has been picking that one up in e-mails. i quartine them and then delete them with zero problems. Nortom has picked that one up 4 times this week.